Multi-Tenancy Plugin

HIP CDR is built as a multi-tenant capable system. Multi-tenancy is promoted across nearly all services including EHRbase, CDR Bridge, CDR Suite and other components. The logical separation of data is achieved using Row-Level-Security (RLS) on database level, complemented by OAuth2 authentication workflows in Keycloak.

Please note that the Multi-Tenancy Plugin has been developed with the integration into the HIP CDR platform in mind. This means that there are dependencies towards Keycloak and its multi-tenancy concept, which is based on the concept of realms in Keycloak (in which realms are used to represent a tenant).

For the case you want to use multi-tenancy in EHRbase outside the context of HIP CDR, please be aware of these dependencies.

Parameters / Environment Variables

The Transaction Compensation Plugin does not need any parameters to be provided.

REST API

Create Tenant

POST {{ehrbase-url}}ehrbase/plugin/multi-tenant/service

Creates a new tenant in CDR Base

Example request:

POST /ehrbase/plugin/event-trigger/service HTTP/1.1
Host: localhost:8080
Accept: application/json, text/javascript
Content-Type: application/json

{
   "tenantId": "550e8400-e29b-41d4-a716-446655440000",
   "tenantName": "London",
   "tenantProperties": {
      "host": "https://hip-keycloak-hip-lab-integration.vitasystems.dev",
      "realm": "London",
      "client-id": "HIP-CDR-EHRbase-Service"
   }
}

Example response:

HTTP/1.1 200 OK
Vary: Accept

Status Codes:

• 200 OK – No error. The tenant was created successfully

• 401 Unauthorized – A tenant with an identical uuid already exists in CDR Base

• 500 Internal Server Error – Internal system error.

Attribute	Meaning	Example
tenantId	Identifier of the tenant that should be used across all services of the tenant	“550e8400-e29b-41d4-a716-446655440000”
tenantName	Human readable name of the tenant	“London”
tenantProperties.host	Keycloak URI	“https://hip-keycloak-hip-lab-integration.vitasystems.dev”
tenantProperties.realm	Keycloak realm of the tenant (typically identical to the tenant name)	“London”
tenantProperties.client-id	client-id of EHRbase as used in Keycloak	“HIP-CDR-EHRbase-Service”

Retrieve Tenant

GET {{ehrbase-url}}ehrbase/plugin/multi-tenant/service/

Retrieves a list of all tenants available in CDR Base

Example request:

GET /ehrbase/plugin/multi-tenant/service/ HTTP/1.1
Host: localhost:8080

Example response:

HTTP/1.1 200 OK
Vary: Accept

[
 {
   "tenantId": "550e8400-e29b-41d4-a716-446655440000",
   "tenantName": "London",
   "tenantProperties": {
      "host": "https://hip-keycloak-hip-lab-integration.vitasystems.dev",
      "realm": "London",
      "client-id": "HIP-CDR-EHRbase-Service"
   }
},
{
   "tenantId": "3f2266c6-4eb2-47a3-9a83-6c7ace470fef",
   "tenantName": "Barcelona",
   "tenantProperties": {
      "host": "https://hip-keycloak-hip-lab-integration.vitasystems.dev",
      "realm": "Barcelona",
      "client-id": "HIP-CDR-EHRbase-Service"
   }
}
]

Status Codes:

• 200 OK – Event Trigger was successfully retrieved

• 404 Not Found – No Event Triggers were found

• 500 Internal Server Error – Internal system error.

Delete Tenant

DELETE {{ehrbase-url}}ehrbase/plugin/multi-tenant/service/{{tenant_id}}

Deletes the tenant with the tenant_uuid (all data is physically wiped from the system. We strongly advise against using this feature on any production system.

Example request:

DELETE /ehrbase/plugin/multi-tenant/service/3f2266c6-4eb2-47a3-9a83-6c7ace470fef HTTP/1.1
Host: localhost:8080

Example response:

HTTP/1.1 200 OK
Vary: Accept

Status Codes:

• 200 OK – Tenant was successfully deleted

• 404 Not Found – No tenant with given uuid was found

• 500 Internal Server Error – internal system error.